oddguan.com
Prompt Injection Vulnerability in GitHub Actions AI Agents Exposes Secrets
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Security researchers discovered a critical vulnerability in three AI agents integrated with GitHub Actions: Anthropic's Claude Code Security Review, Google's Gemini CLI Action, and Microsoft's GitHub Copilot. The vulnerability allows attackers to perform prompt injection attacks, enabling them to steal API keys and access tokens from the host repository. The attack method involves crafting malicious pull request titles or issue bodies that the AI agents process without proper sanitization. Researchers received bug bounties for their findings but noted that the vendors did not disclose the vulnerabilities or assign CVEs, leaving users unaware of their exposure. The CVSS score for the vulnerability is 9.4, indicating a critical risk. The potential impact extends to any GitHub Actions that allow access to sensitive tools and secrets. The researchers warned that similar vulnerabilities could exist in other AI agents integrated with GitHub Actions.
Key Points: • Three AI agents in GitHub Actions are vulnerable to prompt injection attacks. • Attackers can steal sensitive API keys and access tokens using crafted pull request titles. • Vendors did not disclose vulnerabilities or assign CVEs, leaving users at risk.